authorJacques Vidrine <nectar@FreeBSD.org>2004-03-17 12:11:08 +0000
committerJacques Vidrine <nectar@FreeBSD.org>2004-03-17 12:11:08 +0000
commit81ac585294418460a598ae2c6d3eeaf0d993b18a (patch)
tree61beab9e630eee6949514999b0e00b50f9d6f883
parent50ef0093530d9eae8741fb66ae7161ad1d68dcca (diff)
Correct a denial-of-service vulnerability in OpenSSL (CAN-2004-0079).
Obtained from: OpenSSL CVS (http://cvs.openssl.org/chngview?cn=12033)
Notes
Notes: svn path=/vendor-crypto/openssl/dist/; revision=127114
-rw-r--r--crypto/openssl/ssl/s3_pkt.c8
1 files changed, 8 insertions, 0 deletions
diff --git a/crypto/openssl/ssl/s3_pkt.c b/crypto/openssl/ssl/s3_pkt.c
index 3f88429e79a6..9f3e5139ad97 100644
--- a/crypto/openssl/ssl/s3_pkt.c
+++ b/crypto/openssl/ssl/s3_pkt.c
@@ -1085,6 +1085,14 @@ start:
goto err;
}
+ /* Check we have a cipher to change to */
+ if (s->s3->tmp.new_cipher == NULL)
+ {
+ i=SSL_AD_UNEXPECTED_MESSAGE;
+ SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_CCS_RECEIVED_EARLY);
+ goto err;
+ }
+
rr->length=0;
if (s->msg_callback)
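Review bot: The added `SSLerr` call records `SSL_F_SSL3_GET_CERT_VERIFY` as the originating function, but the check sits in the record-processing path of `s3_pkt.c` under the `start:` label, so an early ChangeCipherSpec would be attributed in the error queue to certificate-verify handling. That misattribution makes log triage harder when looking for peers that trigger this condition. The enclosing function's own code would be more accurate, presumably `SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_CCS_RECEIVED_EARLY);`, but the function header is outside the hunk, so confirm the name. The comment could also state why the check exists, for example `/* CCS before a cipher was negotiated: reject it, new_cipher is still NULL here */`.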